Hackers claiming to be part of the Anonymous hacker collective “owned” the US Sentencing Commission website (ussc.gov) on January 25 through 27, first replacing the home page with a long screed detailing its gripes with the US legal system and threatening to release embarrassing “secrets” stolen from US government websites. The next move in “Operation Last Resort” was to turn the commission’s restored home page into a playable version of the classic Asteroids arcade game. A subsequent threat to release a list of people in the federal Witness Protection Program was bogus.

The hack was in retaliation for the suicide by hanging of Aaron Swartz on January 11 in his New York apartment. Swartz was awaiting trial on charges of computer intrusion. Swartz invented Really Simple Syndication (RSS) at the age of 14, and started the wiki platform infogami while an undergrad at Stanford. He was charged with breaking into JSTOR files of academic papers in order to make them freely and publically available. Prosecutors said they had no plans to seek jail time for Swartz.

When the Asteroids hack was finally shut down, Anonymous moved it to the US Probation Court for the state of Michigan website (miep.uscourts.gov) – suggesting that Anonymous could have background control of multiple US government websites.

The Chinese government apparently feels it has political reasons to assault the New York Times computer systems over a four-month period with 45 pieces of custom malware, which were built to compromise business processes and steal passwords. The persistent attacks were partly successful; however, the paper was able to surreptitiously detect and investigate them as they were underway, leading to identification of sophisticated Chinese hackers with probable ties to its government/military as the likely perpetrator. The Times has expelled the attackers and strengthened its systems for the future.

The attacks coincided with and were presumably motivated by the reporting of a times investigation that found that relatives of China’s prime minister, had accumulated a multi-billion dollar fortune through their business dealings. A reactionary desire on the part of China’s current oligarchy to control how the world perceives, discusses and acts towards China is the likely ideological basis for this and similar attacks on western media.

The Chairman of the Senate Homeland Security and Governmental Affairs Committee, Tom Carper, said yesterday that the White House has “signaled” it will most likely introduce a long-awaited cybersecurity executive order in mid to late February. The order is a follow-up to the Cybersecurity Act of 2012, which was killed by Senate Republicans back in August 2012. (An early draft of the order was leaked on techdirt.com back in September.)

Carper announced that after the order is released, he plans to hold a joint hearing with the Commerce and Intelligence committees to discuss the measures included in the order. The Obama administration feels an executive order is necessary because the cybersecurity threats facing the US are too great for action to be further delayed by bipartisanship in the legislative branch.

Government IT Security

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant. See how we can help.

To validate that significant changes did not have unanticipated results

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.